AMENDMENTS TO THE CLAIMS

This listing of claims will replace all prior versions and listings of claims in the
application:

LISTING OF CLAIMS: 

1. (Currently Amended) A process for protecting a computer from hostile code, the process
comprising:

defining at least two trust groups, each of the defined trust groups being characterized by
a trust group value, a FromLower rules list pointer, and a ToLower rules list pointer;

assigning objects and processes in the computer to one of said trust groups, irrespective
of the rights of a user of said computer;

defining at least two object types;

defining a plurality of operation types;

assigning an object type to each of the objects;

defining a plurality of action rules, each of the action rules corresponding to at
least one of the FromLower or ToLower rules list pointers, each of the action rules listing a
combination of an operation type from the plurality of operation types, an action, [[process trust
group value, object trust group value,]] and object type; and,

upon an access request of an operation type by a requesting process to a target object,
comparing the trust group value of the trust group of the process to the trust group value of the
trust group of the object and:

when the trust group value of the trust group of the process is higher than the trust
group value of the trust group of the object, inspecting all action rules corresponding to
the ToLower action rules list pointer of the trust group of the process to obtain a
matching action rule listing the same operation type of the access request and the same
object type of the target object and, once a matching action rule is obtained, performing
the action indicated by the matching action rule; and

when the trust group value of the trust group of the process is smaller than the trust
group value of the trust group of the object, inspecting all action rules corresponding to
the FromLower action rules list pointer of the trust group of the object to obtain a
matching action rule listing the same operation type of the access request and the same
object type of the target object and, once a matching action rule is obtained, performing
the action indicated by the matching action rule [[applicable to the trust group value of the
requesting process, the trust group value of the target object, and the object type]].

2. (Previously Presented) The process of claim 1 wherein a process is assigned 
upon creation to the trust group assigned to the passive code from which the process is created.

3. (Previously Presented) The process of claim 1 further comprising changing the 
trust group of the process if the trust group value of the process is greater than the trust group 
value of the object. 
4. (Previously Presented) The process of claim 1, further comprising changing the
trust group of said object after performing said action.

5. (Previously Presented) The process of claim 1 further comprising, upon creation 
of an object by a process, assigning said created object to the trust group of said process. 

6. (Currently Amended) The process of claim 1, wherein the object types comprise
executable file, document file, and registry key [[further comprising defining at least two operation
types and wherein said combination includes at least one of said operation types]].

7. (Canceled). 

8. (Previously Presented) The process of claim 3 further comprising assigning said 
process to the trust group of said object if the trust group of said process is higher than the trust 
group of said object. 

9. (Previously Presented) The process of claim 3, wherein upon a restart of said 
process, the trust group of said process reverts to the original trust group of the object from 
which the process was created. 

10. (Currently Amended) The process of claim 1, wherein each of the action rules
further lists a rule priority [[further comprising:
defining at least two process types;
assigning processes to one of said process types; and
and wherein said combination includes at least one of said process types]].

11. (Previously Presented) The process of claim 1, wherein said object types
comprise passive code and executable code.

12. (Currently Amended) The process of claim 1 [[6]], wherein said operation types
comprise open, read, create, modify, and delete. 

13. (Previously Presented) A computer-readable medium comprising computer 
readable instructions for protecting a computer from hostile code, the instructions causing the 
computer to: 

define a plurality of trust group values; 

define a first and a second rule sets, each of said rule sets comprising a plurality of rules 
defining an action based on an operation type; 

identify objects and processes within the computer; 

define a table of at least two trust groups, wherein each trust group comprise one trust 
group value and said first and second rule sets; and 

assign objects and processes in the computer to one of said trust groups irrespective of the
rights of a user of said computer; 

whereby upon operation of a process over an object, the computer is configured to: 

compare a trust group value of the process with a trust group value of the object; 

determine whether to allow the operation by following the rules of said first rule set if the
trust group value of the process is not smaller than the trust group of the object and
following the rules of said second rule set if the trust group value of the process is smaller
than the trust group value of the object.

14. (Previously Presented) The computer-readable medium of claim 13 further
comprising instructions causing the computer to: 

define a table of types of at least two types of objects, the objects in the computer being 
assigned one type; and 

wherein said plurality of rules define said actions further based on the type of said object. 

15. (Previously Presented) The computer-readable medium of claim 13, wherein said
operation type comprises open, read, create, modify, and delete. 

16. (Previously Presented) The computer-readable medium of claim 14, wherein said
types of objects comprise passive code and executable code. 

17. (Canceled). 

18. (Canceled). 

19. (Previously Presented) The computer-readable medium of claim 13, wherein the
computer is operatively coupled to a network, the network including a server, the table of trust 
groups stored in said server. 

20. (Canceled). 
21. (Previously Presented) A computer-readable medium according to claim 13,
wherein the computer is operatively coupled to a network, the network including a server, the 
table of rules is stored in said server. 

22. (Canceled). 

23. (Currently Amended) A computer comprising: 
a random access memory (RAM); 

a non-volatile memory; 

a processor coupled to said RAM and said non-volatile memory;
wherein said non-volatile memory comprises: 
a list of object types; 

a list of rules each of said rules defining an action based on an object type and
operation type;

a list of object trust groups, each trust group defining an object trust value and 
coupled to at least one of said rules; 

a plurality of objects, each of said objects having an object type and assigned to 
one of said trust groups; 

wherein upon start of the computer, a process trust list is initiated in said RAM; 
and wherein when a process is created in said RAM from an originating object of one of 
said objects, said processor assigns to said process a process trust value equal to the object trust 
value of said originating object and enters the process trust value in said process trust list.
24. (Previously Presented) The computer of claim 23, further comprising a controller
receiving operation requests from said process to be performed on a target object of one of said 
objects and, upon receiving said requests said controller access said list of object trust groups, 
list of rules, and list of object type to determine whether to allow the operation. 

25. (Canceled). 

26. (Previously Presented) The computer of claim 24, wherein when the controller 
allows the operation request but the process trust value is lower than the target object trust value, 
said processor resets the process trust value equal to that of the target object trust value. 
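
The rule lookup recited in claim 1, together with the inheritance of claims 2 and 23 and the reassignment of claim 8, can be sketched as follows. This is an added illustration, not code from the application; the class and function names, the "allow"/"deny" action vocabulary, the default-deny fallback when no rule matches, and the sample policy are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ActionRule:
    operation: str    # claim 12: open, read, create, modify, delete
    object_type: str  # claim 6: executable file, document file, registry key
    action: str       # "allow"/"deny" is an assumed action vocabulary

@dataclass
class TrustGroup:
    value: int
    to_lower: list = field(default_factory=list)    # ToLower rules list
    from_lower: list = field(default_factory=list)  # FromLower rules list

@dataclass
class Obj:
    object_type: str
    group: TrustGroup

@dataclass
class Process:
    group: TrustGroup

def spawn(image):
    # Claims 2 and 23: a process starts in the trust group of its originating object.
    return Process(image.group)

def access(proc, operation, target, default="deny"):
    # Claim 1: pick the rules list by comparing trust values. Equal values are
    # not covered by claim 1; using ToLower there follows claim 13 (assumption).
    if proc.group.value >= target.group.value:
        rules = proc.group.to_lower
    else:
        rules = target.group.from_lower
    action = next((r.action for r in rules if r.operation == operation
                   and r.object_type == target.object_type), default)
    # Claim 8: a higher-trust process joins the lower object's group
    # (applied here only when the access was allowed, which is an assumption).
    if action == "allow" and proc.group.value > target.group.value:
        proc.group = target.group
    return action

# Constructed sample policy and objects (not from the application).
UNTRUSTED = TrustGroup(1)
TRUSTED = TrustGroup(2,
    to_lower=[ActionRule("read", "document file", "allow"),
              ActionRule("modify", "executable file", "allow")],
    from_lower=[ActionRule("read", "executable file", "allow"),
                ActionRule("modify", "executable file", "deny")])
EDITOR = Obj("executable file", TRUSTED)
SYSTEM_DLL = Obj("executable file", TRUSTED)
DOWNLOAD = Obj("document file", UNTRUSTED)
```

With this sample policy, a process spawned from EDITOR may modify SYSTEM_DLL until it reads DOWNLOAD; after that it sits in the lower trust group and the same modify request is resolved against the FromLower list and denied.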